Integrated GRC at Georgia Department of Administrative Services
“We went from auditing 20% of P-Card transactions to 100%. We were doing it retrospectively, now we’re doing it in real-time.”
Deputy CIO, Business Integration Information Technology,
Georgia Department of Administrative Services
The Georgia Department of Administrative Services (DOAS) provides business solutions to Georgia’s state and local government entities. DOAS’ product and service offerings include procurement, risk management, human resources, fleet support services, and surplus property transactions.
Modern GRC platform
Strategic tools to manage compliance and mitigate risk
Unlock process improvements
Powerful analytics can improve business processes and increase efficiencies
Take confident, data-driven decisions to business owners
Interview with Kristine Splieth, Deputy CIO, Business Integration Information Technology, Georgia Department of Administrative Services.
Well, I work for the Department of Administrative Services and we’re really responsible for policy, tools, oversight and compliance for areas like procurement, fleet, surplus, human resources administration and risk management.
What risks do you face?
The usual financial risks, the costs to the state, the costs to the taxpayers when anything like fraud or wasteful spending or non-compliance spending occurs. There’s also operational risks where the cost of recovering from some sort of problematic amount of data causes us to have to go into a focus on “what do we do to fix this?” and losing track of all the other things which really are business objectives. And the third thing is any major political risk.
Why did you choose the ACL platform?
What came really into focus was our need for something that helped us with governance and risk and compliance. Analytics is one thing and we do need it—but the ability to pull those results right into a tool to manage the compliance and mitigate the risk really was what we found would really meet our needs.
What benefits have you seen from using it?
The big value to me has been that in each of the situations where I’ve gone to the business owner and said I think we can use ACL GRC here, the flexibility allows me to do that. In other words, I can come at it from another perspective: I can actually find some information on the website that shows me somebody else has done something similar. So, I can kind of go in to the business owners and show them why this will work for them and get them on board.
You know, we found something in the P-Card area that had been going on for about three years. We found it within the first week of using ACL and then went back and found all the last three years, but it just shows you our old audit process allowed those purchases to slide through the cracks. With putting ACL in, we found exactly that week that a new transaction had occurred.
What business improvements have you experienced?
In one particular instance, we found that one group of suppliers was grossly under-reported. In one quarter, we went back and looked at three years, and found about $32 million worth of unreported spend, which equated to just over $400,000 in admin fees. Which is huge to our bottom line because that’s where our funds come from. By being able to use the analytics portion, we went from auditing 20% of P-Card transactions to 100%. We were doing it retrospectively, now we’re doing it in real-time.
What advice do you have for somebody considering ACL?
If you’re going to invest in something like this, you want to invest in both the software and the people who are going to use it. And you want to make sure that you develop that skill within your organization, that knowledge, because there’s so many powerful features in that tool. If I just stopped at doing the P-Card audits, it would have worked great, but we would not have gotten the full benefits we’ve gotten from if we hadn’t gotten others trained on it.